The security flaw was discovered by a researcher , certain versions of BIG-IP Access Policy Manager (APM), a secure access solution that simplifies and centralizes access to applications, APIs and data.
The vulnerability is related to a component named Traffic Management Microkernel (TMM), which processes all load-balanced traffic on BIG-IP systems.
When a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts. the vendor explained in an advisory published last month. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, the system triggers a failover to the peer device.
Exploiting this vulnerability does not require any tools — the attacker simply has to send a specially crafted HTTP request to the server hosting the BIG-IP configuration utility, which results in access to the system being blocked till it’s restarted.
F5 said in its advisory that the vulnerability, tracked as CVE-2020-27716 with a severity rating of high, only impacts versions 14.x and 15.x. Updates that patch the flaw in both branches are available.
A critical BIG-IP vulnerability that ended up being exploited in the wild, including by profit-driven cybercriminals and state-sponsored hackers last year.